Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface
Vulnerability Description
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the '/system/index_sets/' endpoint.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Graylog Web Interface 跨站脚本漏洞
Vulnerability Description
Graylog Web Interface是美国Graylog公司的一套Web界面。 Graylog Web Interface 2.2.3版本存在跨站脚本漏洞,该漏洞源于HTML输出缺少适当的清理和转义,可能导致通过端点/system/index_sets/注入和执行任意JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A